VPN Articles and News

Healthcare Privacy Concerns Emerge Over US Government’s Website

By Paul Liu
Tuesday, February 17th, 2015

While President Barack Obama is pushing for more initiatives to protect consumer data online, the U.S. government’s healthcare website (HealthCare.gov) is reportedly sharing private data of Americans with dozens of third parties. The HealthCare.gov portal was launched as a part of the healthcare law in October’ 2013 and it was designed to provide easy access to subsidized insurance to people who are not covered by any insurance plan. While the intentions behind the website are indeed noble, the ground reality is that the site is sharing personal data of users with several third parties who are free to use it as they see fit. Read on to see how your healthcare privacy concerns may be impacted.

To apply for insurance coverage, users need to input their personal details on the HealthCare.gov website. However, as soon as a user provides his/her private details, a lot of third party data companies spring into action and are able to glance through user’s data and even tell when he/she is on the site. This becomes possible because dozens of third party data tracking and analysis firms (including Google Analytics, Twitter and Facebook) have embedded their connections into the portal. This allows the firms to build profiles of the users and even track their online activities.

Several technology experts have confirmed the presence of multiple data connections to third party sites through the HealthCare.gov portal. Since the third parties are directly plugging into a government website, any compromise on their site could also lead to the compromise of the healthcare website. And since the portal is dealing with sensitive healthcare information, any security breach could compromise the personal data of thousands of Americans. While there is no evidence available that such a thing has already happened, there is no saying that it won’t happen in the future.

The Obama administration is getting the healthcare portal ready for yet another enrollment drive. The government hopes that more than 9 million people would sign up for insurance coverage before the latest drive ends. When the issue of outside data connections was raised, medicare spokesperson Aaron Albright said that third party vendors are strictly prohibited from using the personal information of the site’s users for commercial gains. He also added that the government relies on the expertise of these vendors to measure the performance of the site. However, Mr Albright did not offer any explanation regarding how the security and privacy policies of the portal are enforced.

Web analytics and tracking is an immensely profitable business so the government ought to be very careful while giving a free reign to third party vendors. While the privacy policy of the portal states that no personally identifiable information is shared with the vendors, tech experts discovered that sensitive information such as age, income and ZIP code was being shared with the analytic companies. With the limited amount of data that they get, analytics firms would not only be able to create user profiles but they may also be able to identify users by tracking their movements on another sites. Healthcare remains a sensitive subject so the government needs to do a lot more to protect private information of the users.